Bad Neighborhoods Are Common On The Internet
March 18, 2013

Report Looks Into The Internet’s Seediest Neighborhoods

Michael Harper for — Your Universe Online

Giovane Cesar Moreira Moura, a researcher in Holland, believes the Internet and the real world have something in common: Both have certain areas where crime is prevalent.

After scanning the traffic of more than 42,000 Internet Service Providers (ISPs), Moura found that nearly 50 percent of the world´s junk mail originates from only 20 different ISPs. Moreover, these ISPs are located in different areas of the world which have already become quite famous for Spam. These areas, which Moura has referred to as the Internet´s “bad neighborhoods,” also have their own specialty when it comes to their brand of Spam. With this information, Moura is suggesting new techniques for avoiding these attacks to keep Internet users safe.

Of the more than 42,000 ISPs he analyzed, Moura found that a majority of the junk mail, malware-laden messages and phishing attacks are sent from Brazil, India and Vietnam. While plenty of Spam flows from these ISPs, Moura found that one ISP – Spectranet in Nigeria – was particularly overloaded with junk mail. According to his research, Spam and other unwanted messages made up 62 percent of Spectranet´s traffic. This led Moura to discover that each country has a preference of which type of Spam they like to send out into the world. India and Vietnam, for instance, prefer the plain and simple Spam message. Much of this junk mail originates from only four Asian ISPs and India´s state-run BSNL. America is home to the phishing attack says Moura, who found that of the 20 top ISPs responsible for phishing attacks, 16 of them are located in the US.

Of course, it´s difficult to know if these messages are actually originating in these nations. The common practice of most scammers is to route their traffic through different ISPs so as to hide themselves and make the messages appear as if they came from somewhere else.

Now that Moura has effectively mapped out these “bad neighborhoods” around the Internet, he believes tools can be developed to take a second look at messages which originate from a known trouble area. If such a message were to land in an inbox, these suggested tools would know from which ISP the message originated, if this ISP is known for sending out such messages, and filter out the email automatically. Moura hopes these tools could be used to take a stand against these seedy “neighborhoods” and potentially persuade them to self-regulate.

"If security engineers want to reduce the incidence of attacks on the internet, they should start by tackling networks where attacks are more frequently originated," writes Moura in his research paper.  (PDF)

“If a user“¦wants to be safer on the Internet, he/she should avoid (or at least be much more careful) connecting to computers located in such networks.” Moura´s paper also notes that, just as it is in real-world “bad neighborhoods,” there are innocent civilians amongst the criminals. He says his analysis isn´t intended to lump them in with the Spammer´s, but instead to call attention to those ISPs which have been found to handle more than their fair share of junk mail and email scams.